Comment shell script to auto null route brute force attack (Score 3, Interesting) 298

Guess it's time to give back to the community. A few years ago, I wrote a custom script to continually tail out lines at a time from /var/log/auth.log and null route the bad IPs. To date, I have 4316 IPs null routed. I have the following script running as a background job initiated from /etc/rc.local. Hope this is helpful to people.

----begin----
#!/bin/bash
# script to sense bad ssh or ftp login tries from the same ip address
LOG=/var/log/auth.log

# add one address to hosts.deny, record the route so it can be replayed at boot,
# and null route it right now (skipped if the address is already listed)
block_ip() {
    local ip=$1
    [ -n "$ip" ] || return
    if ! grep -qF "$ip" /etc/hosts.deny; then
        echo "ALL: $ip" >> /etc/hosts.deny
        echo "route add -host $ip gw 127.0.0.1" >> /etc/routeblock.sh
        route add -host "$ip" gw 127.0.0.1
    fi
}

while true
do
    # block known linux service user accounts ssh attempts
    for badip in $(awk '/sshd/ && /Failed password for /' "$LOG" | grep -Ei "root|bin|daemon|adm|lp|sync|shutdown|halt|mail|news|uucp|operator|games|rpm|vcsa|rpc|xfs|apache|rpcuser|sshd|ftp|kamphor|named|messagebus|haldaemon|ntp|openvpn|x11|polkituser|avahi|avahi-autoipd|htdig|pulse" | awk '{print $11}' | tail -100 | sort | uniq)
    do
        block_ip "$badip"
    done

    # null route any attempt at non-existent users for ssh attempts
    for badip in $(awk '/sshd/ && /invalid user/ {print $13}' "$LOG" | tail -100 | sort | uniq)
    do
        block_ip "$badip"
    done

    # scan for behavior - probe ssh then try password
    previous=0
    i=0
    badip=""
    # first loop - check for ssh probe (count repeats of the same address)
    for badip in $(awk '/sshd/ && /not receive identification string/ {print $12}' "$LOG" | tail -2)
    do
        if [ "$previous" = "$badip" ]; then
            i=$((i + 1))
        else
            i=0
        fi
        previous=$badip
    done
    # second loop - check for failed logins from the last probing address;
    # the repeat counter carries over from the probe loop on purpose
    if [ -n "$badip" ]; then
        for badip2 in $(grep -F "$badip" "$LOG" | awk '/sshd/ && /Failed/ {print $11}' | tail -2)
        do
            if [ "$previous" = "$badip2" ]; then
                i=$((i + 1))
            else
                i=0
            fi
            if [ "$i" -ge 3 ]; then
                block_ip "$badip2"
            fi
            previous=$badip2
        done
    fi

    # scan for spoofed domains or hosts for ssh attempts (reverse DNS mismatch)
    previous=0
    i=0
    for badip in $(awk '/sshd/ && /Address/ && /does not map back/ {print $7}' "$LOG" | tail -3)
    do
        if [ "$previous" = "$badip" ]; then
            i=$((i + 1))
        else
            i=0
        fi
        if [ "$i" -ge 2 ]; then
            block_ip "$badip"
        fi
        previous=$badip
    done

    # scan for failed ftp attempts (proftpd "Maximum login attempts" lines)
    previous=0
    i=0
    for badip in $(awk '/proftpd/ && /Maximum/ {print $7}' "$LOG" | awk -F'(' '{print $2}' | awk -F'[' '{print $2}' | awk -F']' '{print $1}' | tail -2)
    do
        if [ "$previous" = "$badip" ]; then
            i=$((i + 1))
        else
            i=0
        fi
        if [ "$i" -ge 1 ]; then
            block_ip "$badip"
        fi
        previous=$badip
    done

    # block all admin logins to ftp
    for badip in $(awk '/proftpd/ && /no such user found/' "$LOG" | grep -Ei "Administrator" | awk '{print $17}' | cut -f2 -d'[' | cut -f1 -d']' | sort | uniq)
    do
        block_ip "$badip"
    done

    sleep 1
done
----end----
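The same four sshd messages the script above keys on, reworked as an added example (not the commenter's code): anchored regexes replace the positional awk fields, hits are counted per address, and an address is only written to hosts.deny once a per-category threshold is crossed and it is not already listed. The sample log lines, the service-account list and the threshold values are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample auth.log excerpt (not from the original post).
SAMPLE_LOG = """\
Jan 10 03:14:07 host sshd[2001]: Failed password for root from 198.51.100.7 port 51234 ssh2
Jan 10 03:14:09 host sshd[2003]: Failed password for root from 198.51.100.7 port 51240 ssh2
Jan 10 03:14:11 host sshd[2005]: Invalid user oracle from 203.0.113.9
Jan 10 03:14:12 host sshd[2005]: Failed password for invalid user oracle from 203.0.113.9 port 4122 ssh2
Jan 10 03:14:20 host sshd[2010]: Did not receive identification string from 192.0.2.55
Jan 10 03:14:22 host sshd[2011]: Did not receive identification string from 192.0.2.55
Jan 10 03:14:25 host sshd[2012]: Address 192.0.2.55 maps to bad.example, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jan 10 03:15:00 host sshd[2020]: Accepted publickey for alice from 10.0.0.5 port 5000 ssh2
"""

IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
# One anchored regex per event the posted script greps for, instead of awk's $11/$12/$13 columns.
PATTERNS = {
    "failed_password": re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from " + IP),
    "invalid_user": re.compile(r"sshd\[\d+\]: Invalid user \S+ from " + IP),
    "no_ident": re.compile(r"sshd\[\d+\]: Did not receive identification string from " + IP),
    "reverse_dns": re.compile(r"sshd\[\d+\]: Address " + IP + r" maps to .* does not map back"),
}
# Service accounts that should never log in over ssh (assumed subset of the script's list).
SYSTEM_ACCOUNTS = {"root", "bin", "daemon", "adm", "lp", "mail", "news", "uucp", "ftp", "sshd", "apache", "ntp"}
# Hits per address before blocking; assumed values, tune to taste.
THRESHOLDS = {"failed_password": 1, "invalid_user": 1, "no_ident": 2, "reverse_dns": 3}

def offending_ips(log_text, thresholds=THRESHOLDS):
    """Return {ip: [categories that crossed their threshold]} for the given log text."""
    counts = defaultdict(Counter)
    for line in log_text.splitlines():
        for cat, rx in PATTERNS.items():
            m = rx.search(line)
            if m is None:
                continue
            if cat == "failed_password" and m.group("user") not in SYSTEM_ACCOUNTS:
                continue  # ordinary-user failures are left to the other rules
            counts[m.group("ip")][cat] += 1
    return {ip: sorted(c for c, n in hits.items() if n >= thresholds[c])
            for ip, hits in counts.items()
            if any(n >= thresholds[c] for c, n in hits.items())}

def hosts_deny_entries(blocked, existing_lines):
    """New 'ALL: ip' lines to append, skipping addresses already present (the script's grep -q check)."""
    present = {l.split(":", 1)[1].strip() for l in existing_lines if l.startswith("ALL:")}
    return [f"ALL: {ip}" for ip in sorted(blocked) if ip not in present]
```

On the sample, 192.0.2.55 is blocked for the two probes but its single reverse-DNS mismatch stays under the threshold, and 10.0.0.5 (a successful login) is never counted.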

Comment Re:Houses with builtin Faraday cages (Score 1) 243

hedronist is 100% right.

My house was built in 1953 and is made of brick with plaster walls. Some of the walls have chipped or cracked over the years, and underneath the plaster surface is a metallic mesh.

When I'm outside my home my signal is a perfect 4 bars. The minute I step inside I drop to "No Service".

WiFi has problems too and it's transmitting within the house about 2 rooms away.

I wish there was a WiFi solution outside of microwave...

Comment Yes...I have experienced problems with ext4 (Score 1) 289

I nearly lost my whole filesystem. It's a good thing I had a backup core system on reiserfs to boot from and run fsck. From what I understand, it's a problem with the ext4 journaling system and metadata. This link has info on the journal problem, which may have already been patched in the current kernels: http://lwn.net/Articles/284037/ The wiki page for ext4 has a fix for the problem at the bottom: http://wiki.archlinux.org/index.php/Ext4 Essentially, mounting an ext4 filesystem with the option "data=ordered" helped my system out. Since I have enabled this mount option, my filesystem is now stable even after hard reboots or power failures. Hope this helps out people as it did me! -Kamphor
Security

Quicken 2007 For Mac Lacks EV Cert Support 108

adamengst writes "If your bank uses the Extended Validation certificates that require a higher level of identity checking on the certificate authority's part (as at least one Seattle bank does), you may not be able to download transactions using the Mac version of Quicken. Quicken doesn't gracefully ignore extra information in EV certificates as older Web browsers do, but instead throws an error and refuses to download transactions. Intuit says they're working on a fix — but users may have to wait 'a couple of months,' and even then the fix may not be applied to versions before Quicken 2007."

Comment DirecTV Customers Not Entirely Left Out... (Score 3, Informative) 190

From a press release several weeks/months ago:

"DIRECTV and TiVo will work together to develop a version of the TiVo® service for DIRECTV's broadband-enabled HD DVR platform. The product will support the latest TiVo and DIRECTV features and services, including TiVo's Universal Swivel Search and TiVo KidZone. TiVo will develop the new HD DVR for an expected launch in the second half of 2009."

So right now we're locked out but the landscape will improve in the future.

Comment Comcast's 3 tiers of service... (Score 1) 618

This actually happened to me like 2 years ago. The first time was a letter in the mail from Comcast stating that I should check my [wireless] network security, if I use wireless, and enable WEP/WPA so that other people cannot leech off my broadband connection. The second time, they put my cable modem on "abusive mode", which gave it an internal IP address for the Comcast network. I think at this point, I was only able to go to the main Comcast web page. I had to call them up and release the restriction, but they told me that if I exceed the aggregate bandwidth transfer cap/limit/number, then I would have to find another ISP. Now, Comcast offers tiered service: standard 4/384, 6/384, and 8/768. I would assume that purchasing the higher tiers would in essence increase the aggregate transfer limit cap by that fraction. There was a massive download I wanted totaling 80gig by itself, and before I downloaded it, I purchased the highest tier. The 3rd tier is essentially double that of the standard service, so if 90gigs a month was the magic number, then my new cap should be 180gigs a month. Ever since then, I haven't had a problem with my transfers (knock on wood!).
User Journal

Journal Journal: "Automatically", I/O, and Linux robustness. 2

Pisses me off how more things these days in our trusted "lil OS that could" are automatically done for you in order to make you more efficient. As it turns out, many of these things make me LESS efficient, and cause me to break things near my computer. And I'm quite certain that my computer is quite tired of me slapping it on its face (monitor) for automatically doing something I don't want it to do.

User Journal

Journal Journal: Farking ads

Never has a 17Kb animated GIF motivated me to make a purchase. To me, advertisements are like spam:

1.) They are unsolicited
2.) They only hit 1 / 1000 times.
3.) They consume resources and bandwidth.

There's an enormous uproar about spam, but how come nobody cares that CNN pops up an advertisement *every time you go to their page*?

User Journal

Journal Journal: So warm out

90 degrees for the first time this year. Summer is going to be so nice.
